package jadex.platform.service.security.auth;

import jadex.bridge.IComponentIdentifier;
import jadex.commons.ByteArrayWrapper;
import jadex.commons.SUtil;
import jadex.commons.Tuple2;
import jadex.commons.collection.MultiCollection;
import jadex.commons.security.SSecurity;
import jadex.platform.service.security.SecurityAgent;
import java.io.Closeable;
import java.io.InputStream;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.logging.Logger;
import org.bouncycastle.crypto.agreement.jpake.JPAKERound1Payload;
import org.bouncycastle.crypto.agreement.jpake.JPAKERound2Payload;
import org.bouncycastle.crypto.digests.Blake2bDigest;
import org.bouncycastle.util.Pack;

/* loaded from: input_file:jadex/platform/service/security/auth/Blake2bX509AuthenticationSuite.class */
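/**
 * Authentication suite that authenticates messages either with a keyed
 * Blake2b MAC (shared secrets) or with a PEM/X.509 signature.
 *
 * <p>For {@link PasswordSecret}s the MAC key is not derived from the password
 * directly; it is the key produced by a J-PAKE exchange that runs in three
 * steps: {@link #getPakeRound1}, {@link #getPakeRound2} and
 * {@link #finalizePake}. The per-secret exchange state is kept in
 * {@link #pakestate}.
 *
 * <p>Token layout: 4-byte little-endian suite id, {@value #SALT_SIZE}-byte
 * salt, then either a {@value #MAC_SIZE}-byte MAC or the signature bytes.
 *
 * <p>NOTE(review): the exchange state lives in plain, unsynchronized fields;
 * whether one instance is ever shared between handshakes or threads is not
 * visible in this file.
 */
public class Blake2bX509AuthenticationSuite implements IAuthenticationSuite {
    /** Suite id written little-endian into the first four bytes of every token. */
    protected static final int AUTH_SUITE_ID = 93482103;
    /** Length in bytes of the Blake2b MAC stored in a shared-secret token. */
    protected static final int MAC_SIZE = 64;
    /** Length in bytes requested from {@code SharedSecret.deriveKey}. */
    protected static final int DERIVED_KEY_SIZE = 64;
    /** Length in bytes of the random per-token salt. */
    protected static final int SALT_SIZE = 32;

    /** Length in bytes of the suite id prefix of a token. */
    private static final int ID_SIZE = 4;
    /** Number of top-level fields in every PAKE handshake message. */
    private static final int PAKE_FIELD_COUNT = 5;
    /** Same logger name the suite already used for its "unknown secret" warning. */
    private static final Logger LOGGER = Logger.getLogger("authentication");

    /** J-PAKE participant per password secret, created in round 1. */
    protected Map<PasswordSecret, JadexJPakeParticipant> pakestate = new HashMap<>();
    /**
     * Second J-PAKE participant for the local platform password, paired with
     * that secret. Its round-1 payload travels in field 3 of the round-1 message.
     */
    protected Tuple2<PasswordSecret, JadexJPakeParticipant> remotepwpake;

    /** Returns the numeric id of this suite. */
    @Override
    public int getId() {
        return AUTH_SUITE_ID;
    }

    /**
     * Starts the J-PAKE exchanges and builds the round-1 message.
     *
     * <p>The message has five fields: a fresh 64-byte random salt, the payload
     * for the local platform password, the payload for the password stored for
     * the remote platform, the payload of {@link #remotepwpake}, and a merged
     * list of (salted network id, payload) pairs. Fields without a matching
     * password secret are empty.
     *
     * @param securityAgent        source of the local identity and secrets
     * @param iComponentIdentifier id of the remote platform
     * @return the encoded round-1 message
     */
    @Override
    public byte[] getPakeRound1(SecurityAgent securityAgent, IComponentIdentifier iComponentIdentifier) {
        // 64 bytes is part of the wire format; this is not SALT_SIZE.
        byte[] salt = new byte[64];
        SSecurity.getSecureRandom().nextBytes(salt);
        String localId = securityAgent.getComponentIdentifier().getRoot().toString();

        byte[] ownPlatformRound1 = new byte[0];
        byte[] remotePwRound1 = new byte[0];
        if ((securityAgent.getInternalPlatformSecret() instanceof PasswordSecret)
                && securityAgent.getInternalUsePlatformSecret()) {
            PasswordSecret platformSecret = (PasswordSecret) securityAgent.getInternalPlatformSecret();
            JadexJPakeParticipant own = createJPakeParticipant(localId, platformSecret.getPassword());
            this.pakestate.put(platformSecret, own);
            ownPlatformRound1 = round1ToBytes(own.createRound1PayloadToSend());

            JadexJPakeParticipant second = createJPakeParticipant(localId, platformSecret.getPassword());
            this.remotepwpake = new Tuple2<PasswordSecret, JadexJPakeParticipant>(platformSecret, second);
            remotePwRound1 = round1ToBytes(second.createRound1PayloadToSend());
        }

        byte[] remotePlatformRound1 = new byte[0];
        PasswordSecret remoteSecret = asPasswordSecret(securityAgent.getInternalPlatformSecret(iComponentIdentifier));
        if (remoteSecret != null) {
            JadexJPakeParticipant participant = createJPakeParticipant(localId, remoteSecret.getPassword());
            this.pakestate.put(remoteSecret, participant);
            remotePlatformRound1 = round1ToBytes(participant.createRound1PayloadToSend());
        }

        List<byte[]> networkPairs = new ArrayList<>();
        for (Tuple2<String, PasswordSecret> network : networkPasswordSecrets(securityAgent)) {
            PasswordSecret secret = network.getSecondEntity();
            JadexJPakeParticipant participant = createJPakeParticipant(localId, secret.getPassword());
            this.pakestate.put(secret, participant);
            JPAKERound1Payload payload = participant.createRound1PayloadToSend();
            // The network name is never sent in clear, only its salted hash.
            networkPairs.add(createSaltedId(network.getFirstEntity(), salt));
            networkPairs.add(round1ToBytes(payload));
        }

        byte[] networks = new byte[0];
        if (!networkPairs.isEmpty()) {
            networks = SUtil.mergeData(networkPairs.toArray(new byte[networkPairs.size()][]));
        }
        return SUtil.mergeData(new byte[][] {salt, ownPlatformRound1, remotePlatformRound1, remotePwRound1, networks});
    }

    /**
     * Validates the peer's round-1 message and builds the round-2 reply.
     *
     * <p>The reply echoes the peer's salt in field 0 and carries one round-2
     * payload per exchange that validated. A payload that fails validation
     * yields an empty reply field; the failure is logged instead of being
     * silently discarded.
     *
     * @param securityAgent        source of the local secrets
     * @param iComponentIdentifier id of the remote platform
     * @param bArr                 the peer's encoded round-1 message
     * @return the encoded round-2 message
     * @throws IllegalArgumentException if the message does not have five
     *         fields, the network list has an odd number of entries, or a
     *         payload decoded outside the per-exchange handling is malformed
     */
    @Override
    @SuppressWarnings({"rawtypes", "unchecked"})
    public byte[] getPakeRound2(SecurityAgent securityAgent, IComponentIdentifier iComponentIdentifier, byte[] bArr) {
        List<byte[]> fields = SUtil.splitData(bArr);
        if (fields.size() != PAKE_FIELD_COUNT) {
            throw new IllegalArgumentException("Illegal round 1 data.");
        }
        byte[] salt = fields.get(0);

        byte[] ownPlatformReply = new byte[0];
        if (fields.get(1).length > 0 && securityAgent.getInternalUsePlatformSecret()
                && (securityAgent.getInternalPlatformSecret() instanceof PasswordSecret)) {
            JPAKERound1Payload payload = bytesToRound1(fields.get(1));
            ownPlatformReply = answerRound1(
                    this.pakestate.get(securityAgent.getInternalPlatformSecret()), payload, "platform secret");
        }

        byte[] remotePwReply = new byte[0];
        if (fields.get(2).length > 0 && securityAgent.getInternalUsePlatformSecret()) {
            // Decoded before the secret-type check, so a malformed field is rejected either way.
            JPAKERound1Payload payload = bytesToRound1(fields.get(2));
            if (securityAgent.getInternalPlatformSecret() instanceof PasswordSecret) {
                remotePwReply = answerRound1(remoteParticipant(), payload, "remote password");
            }
        }

        byte[] remotePlatformReply = new byte[0];
        PasswordSecret remoteSecret = asPasswordSecret(securityAgent.getInternalPlatformSecret(iComponentIdentifier));
        if (remoteSecret != null) {
            // NOTE(review): unlike fields 1 and 2 there is no length guard here, so an
            // empty field 3 is handed to the decoder. Confirm whether that is intended.
            JPAKERound1Payload payload = bytesToRound1(fields.get(3));
            remotePlatformReply = answerRound1(this.pakestate.get(remoteSecret), payload, "remote platform secret");
        }

        List<byte[]> networkReplies = new ArrayList<>();
        if (fields.get(4).length > 0 && hasNetworks(securityAgent)) {
            // Raw type kept from the original code; its generic signature is not visible here.
            MultiCollection secretsById = new MultiCollection();
            for (Tuple2<String, PasswordSecret> network : networkPasswordSecrets(securityAgent)) {
                secretsById.add(new ByteArrayWrapper(createSaltedId(network.getFirstEntity(), salt)),
                        network.getSecondEntity());
            }

            List<byte[]> pairs = SUtil.splitData(fields.get(4));
            if (pairs.size() % 2 > 0) {
                throw new IllegalArgumentException("Illegal round 1 data.");
            }
            for (int i = 0; i < pairs.size(); i += 2) {
                ByteArrayWrapper networkId = new ByteArrayWrapper(pairs.get(i));
                Collection<?> candidates = (Collection<?>) secretsById.get(networkId);
                if (candidates == null) {
                    continue; // the peer announced a network this platform does not know
                }
                for (Object candidate : candidates) {
                    JadexJPakeParticipant participant = this.pakestate.get((PasswordSecret) candidate);
                    if (participant == null) {
                        continue;
                    }
                    try {
                        participant.validateRound1PayloadReceived(bytesToRound1(pairs.get(i + 1)));
                        // Encode first, so id and payload are only ever appended as a pair.
                        byte[] reply = round2ToBytes(participant.createRound2PayloadToSend());
                        networkReplies.add(networkId.getArray());
                        networkReplies.add(reply);
                    } catch (Exception e) {
                        logPakeFailure("round 1 validation (network secret)", e);
                        // NOTE(review): this drops the platform secret's participant, not the
                        // network secret that failed. Kept as-is; confirm the intent.
                        this.pakestate.remove(securityAgent.getInternalPlatformSecret());
                    }
                }
            }
        }

        byte[] networks = new byte[0];
        if (!networkReplies.isEmpty()) {
            networks = SUtil.mergeData(networkReplies.toArray(new byte[networkReplies.size()][]));
        }
        return SUtil.mergeData(new byte[][] {salt, ownPlatformReply, remotePwReply, remotePlatformReply, networks});
    }

    /**
     * Validates the peer's round-2 message and derives the keys.
     *
     * <p>Afterwards every participant without a derived key is dropped from
     * {@link #pakestate}, and {@link #remotepwpake} is cleared if it has none,
     * so an exchange that did not complete cannot authenticate anything.
     *
     * @param securityAgent        source of the local secrets
     * @param iComponentIdentifier id of the remote platform
     * @param bArr                 the peer's encoded round-2 message
     * @throws IllegalArgumentException if the message does not have five
     *         fields, the network list has an odd number of entries, or
     *         field 1 cannot be decoded
     */
    @Override
    public void finalizePake(SecurityAgent securityAgent, IComponentIdentifier iComponentIdentifier, byte[] bArr) {
        List<byte[]> fields = SUtil.splitData(bArr);
        if (fields.size() != PAKE_FIELD_COUNT) {
            throw new IllegalArgumentException("Illegal finalization data.");
        }
        byte[] salt = fields.get(0);

        if (fields.get(1).length > 0) {
            JadexJPakeParticipant participant = this.pakestate.get(securityAgent.getInternalPlatformSecret());
            // Decoded outside the failure handling: a malformed field 1 aborts finalization.
            JPAKERound2Payload payload = bytesToRound2(fields.get(1));
            if (participant != null) {
                finishExchange(participant, payload, "platform secret");
            }
        }
        if (fields.get(2).length > 0) {
            decodeAndFinishExchange(
                    this.pakestate.get(securityAgent.getInternalPlatformSecret(iComponentIdentifier)),
                    fields.get(2), "remote platform secret");
        }
        if (fields.get(3).length > 0) {
            decodeAndFinishExchange(remoteParticipant(), fields.get(3), "remote password");
        }

        if (fields.get(4).length > 0 && hasNetworks(securityAgent)) {
            Map<ByteArrayWrapper, JadexJPakeParticipant> participantsById = new HashMap<>();
            for (Tuple2<String, PasswordSecret> network : networkPasswordSecrets(securityAgent)) {
                JadexJPakeParticipant participant = this.pakestate.get(network.getSecondEntity());
                if (participant != null) {
                    participantsById.put(
                            new ByteArrayWrapper(createSaltedId(network.getFirstEntity(), salt)), participant);
                }
            }

            List<byte[]> pairs = SUtil.splitData(fields.get(4));
            if (pairs.size() % 2 > 0) {
                throw new IllegalArgumentException("Illegal finalization data.");
            }
            for (int i = 0; i < pairs.size(); i += 2) {
                JadexJPakeParticipant participant = participantsById.get(new ByteArrayWrapper(pairs.get(i)));
                // An unknown network id counts as a failure, as it did when it surfaced
                // as a swallowed NullPointerException.
                if (!decodeAndFinishExchange(participant, pairs.get(i + 1), "network secret")) {
                    // NOTE(review): drops the platform secret's participant rather than the
                    // failing network participant. Kept as-is; confirm the intent.
                    this.pakestate.remove(securityAgent.getInternalPlatformSecret());
                }
            }
        }

        if (this.remotepwpake != null && this.remotepwpake.getSecondEntity().getDerivedKey() == null) {
            this.remotepwpake = null;
        }
        Iterator<Map.Entry<PasswordSecret, JadexJPakeParticipant>> entries = this.pakestate.entrySet().iterator();
        while (entries.hasNext()) {
            Map.Entry<PasswordSecret, JadexJPakeParticipant> entry = entries.next();
            if (entry.getValue() == null || entry.getValue().getDerivedKey() == null) {
                entries.remove();
            }
        }
    }

    /**
     * Creates an authentication token for a message.
     *
     * @param bArr                         the message to authenticate
     * @param abstractAuthenticationSecret the secret to authenticate with
     * @return the token, or {@code null} if no key is available for the secret
     *         or signing failed
     * @throws IllegalArgumentException if the secret is neither a shared
     *         secret nor an X.509 PEM secret
     */
    @Override
    public AuthToken createAuthenticationToken(byte[] bArr, AbstractAuthenticationSecret abstractAuthenticationSecret) {
        byte[] salt = new byte[SALT_SIZE];
        SSecurity.getSecureRandom().nextBytes(salt);
        byte[] messageHash = getMessageHash(bArr, salt);

        if (abstractAuthenticationSecret instanceof SharedSecret) {
            byte[] key = macKey((SharedSecret) abstractAuthenticationSecret, salt);
            if (key == null) {
                return null;
            }
            byte[] authData = new byte[ID_SIZE + SALT_SIZE + MAC_SIZE];
            Pack.intToLittleEndian(AUTH_SUITE_ID, authData, 0);
            System.arraycopy(salt, 0, authData, ID_SIZE, salt.length);
            computeMac(key, messageHash, authData, ID_SIZE + salt.length);
            AuthToken token = new AuthToken();
            token.setAuthData(authData);
            return token;
        }

        if (!(abstractAuthenticationSecret instanceof AbstractX509PemSecret)) {
            throw new IllegalArgumentException("Unknown secret type: " + abstractAuthenticationSecret);
        }

        InputStream certificateStream = null;
        try {
            AbstractX509PemSecret pemSecret = (AbstractX509PemSecret) abstractAuthenticationSecret;
            if (!pemSecret.canSign()) {
                // Thrown inside the try on purpose: as before, this ends in a null token.
                throw new IllegalArgumentException("Secret cannot be used to sign: " + pemSecret);
            }
            // NOTE(review): who closes the two streams passed to signWithPEM is not visible
            // in this file; confirm that it closes them, the private key stream in particular.
            byte[] signature = SSecurity.signWithPEM(messageHash, pemSecret.openCertificate(), pemSecret.openPrivateKey());
            certificateStream = pemSecret.openCertificate();
            String certificate = new String(SUtil.readStream(certificateStream), SUtil.UTF8);

            byte[] authData = new byte[signature.length + SALT_SIZE + ID_SIZE];
            Pack.intToLittleEndian(AUTH_SUITE_ID, authData, 0);
            System.arraycopy(salt, 0, authData, ID_SIZE, salt.length);
            System.arraycopy(signature, 0, authData, ID_SIZE + salt.length, signature.length);

            X509AuthToken token = new X509AuthToken();
            token.setCertificate(certificate);
            token.setAuthData(authData);
            return token;
        } catch (Exception e) {
            // Type only: the message may contain the secret's toString().
            LOGGER.warning("Creating X.509 authentication token failed: " + e.getClass().getName());
            return null;
        } finally {
            // Runs on every path, so the certificate stream is no longer leaked on failure.
            SUtil.close(certificateStream);
        }
    }

    /**
     * Verifies an authentication token against a message and a secret.
     *
     * <p>Fails closed: a missing or truncated token, a foreign suite id, an
     * unavailable key, or any exception during verification yields
     * {@code false}.
     *
     * @param bArr                         the message the token should cover
     * @param abstractAuthenticationSecret the secret to verify with
     * @param authToken                    the token to verify
     * @return {@code true} only if the MAC or signature verified
     */
    @Override
    public boolean verifyAuthenticationToken(byte[] bArr, AbstractAuthenticationSecret abstractAuthenticationSecret, AuthToken authToken) {
        try {
            byte[] authData = authToken == null ? null : authToken.getAuthData();
            if (authData == null || authData.length < ID_SIZE + SALT_SIZE) {
                return false;
            }
            if (Pack.littleEndianToInt(authData, 0) != AUTH_SUITE_ID) {
                return false;
            }
            if (abstractAuthenticationSecret instanceof SharedSecret) {
                return verifyMac(bArr, (SharedSecret) abstractAuthenticationSecret, authData);
            }
            if ((abstractAuthenticationSecret instanceof AbstractX509PemSecret) && (authToken instanceof X509AuthToken)) {
                return verifySignature(bArr, (AbstractX509PemSecret) abstractAuthenticationSecret,
                        (X509AuthToken) authToken, authData);
            }
            LOGGER.warning("Unknown secret type: " + abstractAuthenticationSecret);
            return false;
        } catch (Exception e) {
            // Type only: the token content is supplied by the peer.
            LOGGER.warning("Authentication token verification failed: " + e.getClass().getName());
            return false;
        }
    }

    /**
     * Hashes a message together with a salt using unkeyed Blake2b-512.
     *
     * @param bArr  the message
     * @param bArr2 the salt, appended after the message
     * @return the 64-byte digest
     */
    protected static final byte[] getMessageHash(byte[] bArr, byte[] bArr2) {
        Blake2bDigest digest = new Blake2bDigest(512);
        byte[] hash = new byte[64];
        digest.update(bArr, 0, bArr.length);
        digest.update(bArr2, 0, bArr2.length);
        digest.doFinal(hash, 0);
        return hash;
    }

    /**
     * Creates a J-PAKE participant that uses Blake2b-512 as its digest.
     *
     * @param str  the participant id
     * @param str2 the password
     * @return the new participant
     */
    protected static final JadexJPakeParticipant createJPakeParticipant(String str, String str2) {
        return new JadexJPakeParticipant(str, str2, new Blake2bDigest(512));
    }

    /**
     * Encodes a round-1 payload as five merged fields: participant id, gx1,
     * gx2 and the two knowledge proofs.
     */
    protected static final byte[] round1ToBytes(JPAKERound1Payload jPAKERound1Payload) {
        return SUtil.mergeData(new byte[][] {
            jPAKERound1Payload.getParticipantId().getBytes(SUtil.UTF8),
            jPAKERound1Payload.getGx1().toByteArray(),
            jPAKERound1Payload.getGx2().toByteArray(),
            bigIntegerArrayToByteArray(jPAKERound1Payload.getKnowledgeProofForX1()),
            bigIntegerArrayToByteArray(jPAKERound1Payload.getKnowledgeProofForX2())
        });
    }

    /**
     * Decodes a round-1 payload written by {@link #round1ToBytes}.
     *
     * @throws IllegalArgumentException if the data does not have five fields
     */
    protected static final JPAKERound1Payload bytesToRound1(byte[] bArr) {
        List<byte[]> parts = SUtil.splitData(bArr);
        if (parts.size() != 5) {
            throw new IllegalArgumentException("Failed to decode round 1 payload.");
        }
        return new JPAKERound1Payload(
                new String(parts.get(0), SUtil.UTF8),
                new BigInteger(parts.get(1)),
                new BigInteger(parts.get(2)),
                byteArrayToBigIntegerArray(parts.get(3)),
                byteArrayToBigIntegerArray(parts.get(4)));
    }

    /**
     * Encodes a round-2 payload as three merged fields: participant id, A and
     * the knowledge proof.
     */
    protected static final byte[] round2ToBytes(JPAKERound2Payload jPAKERound2Payload) {
        return SUtil.mergeData(new byte[][] {
            jPAKERound2Payload.getParticipantId().getBytes(SUtil.UTF8),
            jPAKERound2Payload.getA().toByteArray(),
            bigIntegerArrayToByteArray(jPAKERound2Payload.getKnowledgeProofForX2s())
        });
    }

    /**
     * Decodes a round-2 payload written by {@link #round2ToBytes}.
     *
     * @throws IllegalArgumentException if the data does not have three fields
     */
    protected static final JPAKERound2Payload bytesToRound2(byte[] bArr) {
        List<byte[]> parts = SUtil.splitData(bArr);
        if (parts.size() != 3) {
            // The message used to say "round 1", which pointed at the wrong decoder.
            throw new IllegalArgumentException("Failed to decode round 2 payload.");
        }
        return new JPAKERound2Payload(
                new String(parts.get(0), SUtil.UTF8),
                new BigInteger(parts.get(1)),
                byteArrayToBigIntegerArray(parts.get(2)));
    }

    /**
     * Hashes a salt followed by an id with Blake2b-512.
     *
     * @param str  the id, encoded as UTF-8
     * @param bArr the salt, hashed before the id
     * @return the 64-byte salted id
     */
    protected byte[] createSaltedId(String str, byte[] bArr) {
        byte[] idBytes = str.getBytes(SUtil.UTF8);
        Blake2bDigest digest = new Blake2bDigest(512);
        digest.update(bArr, 0, bArr.length);
        digest.update(idBytes, 0, idBytes.length);
        byte[] saltedId = new byte[64];
        digest.doFinal(saltedId, 0);
        return saltedId;
    }

    /** Encodes each value with {@link BigInteger#toByteArray()} and merges the results. */
    protected static final byte[] bigIntegerArrayToByteArray(BigInteger[] bigIntegerArr) {
        byte[][] encoded = new byte[bigIntegerArr.length][];
        for (int i = 0; i < encoded.length; i++) {
            encoded[i] = bigIntegerArr[i].toByteArray();
        }
        return SUtil.mergeData(encoded);
    }

    /** Splits merged data and decodes every field as a {@link BigInteger}. */
    protected static final BigInteger[] byteArrayToBigIntegerArray(byte[] bArr) {
        List<byte[]> parts = SUtil.splitData(bArr);
        BigInteger[] values = new BigInteger[parts.size()];
        for (int i = 0; i < values.length; i++) {
            values[i] = new BigInteger(parts.get(i));
        }
        return values;
    }

    /** Returns the argument as a password secret, or {@code null} if it is not one. */
    private static PasswordSecret asPasswordSecret(Object secret) {
        return secret instanceof PasswordSecret ? (PasswordSecret) secret : null;
    }

    /** Returns whether the agent has at least one configured network. */
    private static boolean hasNetworks(SecurityAgent securityAgent) {
        return securityAgent.getInternalNetworks() != null && securityAgent.getInternalNetworks().size() > 0;
    }

    /** Lists every (network name, password secret) pair of the agent in iteration order. */
    private static List<Tuple2<String, PasswordSecret>> networkPasswordSecrets(SecurityAgent securityAgent) {
        List<Tuple2<String, PasswordSecret>> result = new ArrayList<>();
        if (!hasNetworks(securityAgent)) {
            return result;
        }
        for (Object item : securityAgent.getInternalNetworks().entrySet()) {
            Map.Entry<?, ?> network = (Map.Entry<?, ?>) item;
            if (network.getValue() == null) {
                continue;
            }
            for (Object secret : (Collection<?>) network.getValue()) {
                if (secret instanceof PasswordSecret) {
                    result.add(new Tuple2<String, PasswordSecret>((String) network.getKey(), (PasswordSecret) secret));
                }
            }
        }
        return result;
    }

    /** Returns the participant of {@link #remotepwpake}, or {@code null} if it is unset. */
    private JadexJPakeParticipant remoteParticipant() {
        return this.remotepwpake == null ? null : this.remotepwpake.getSecondEntity();
    }

    /** Validates a round-1 payload and returns the encoded round-2 reply, or an empty array on failure. */
    private static byte[] answerRound1(JadexJPakeParticipant participant, JPAKERound1Payload payload, String label) {
        if (participant == null) {
            logPakeFailure("round 1 validation (" + label + ")", null);
            return new byte[0];
        }
        try {
            participant.validateRound1PayloadReceived(payload);
            return round2ToBytes(participant.createRound2PayloadToSend());
        } catch (Exception e) {
            logPakeFailure("round 1 validation (" + label + ")", e);
            return new byte[0];
        }
    }

    /** Validates a round-2 payload and derives the key; returns whether both steps succeeded. */
    private static boolean finishExchange(JadexJPakeParticipant participant, JPAKERound2Payload payload, String label) {
        if (participant == null) {
            logPakeFailure("round 2 validation (" + label + ")", null);
            return false;
        }
        try {
            participant.validateRound2PayloadReceived(payload);
            participant.calculateKeyingMaterial();
            return true;
        } catch (Exception e) {
            logPakeFailure("round 2 validation (" + label + ")", e);
            return false;
        }
    }

    /** Like {@link #finishExchange}, but a payload that cannot be decoded is also a handled failure. */
    private static boolean decodeAndFinishExchange(JadexJPakeParticipant participant, byte[] encoded, String label) {
        JPAKERound2Payload payload;
        try {
            payload = bytesToRound2(encoded);
        } catch (RuntimeException e) {
            logPakeFailure("round 2 decoding (" + label + ")", e);
            return false;
        }
        return finishExchange(participant, payload, label);
    }

    /** Logs a failed handshake step without secrets or peer-supplied text. */
    private static void logPakeFailure(String step, Exception cause) {
        // Only the exception type is logged; its message may contain data sent by the peer.
        String reason = cause == null ? "no local participant state" : cause.getClass().getName();
        LOGGER.warning("J-PAKE " + step + " failed: " + reason);
    }

    /** Returns the MAC key for a shared secret, or {@code null} if none is available. */
    private byte[] macKey(SharedSecret secret, byte[] salt) {
        if (secret instanceof PasswordSecret) {
            JadexJPakeParticipant participant = this.pakestate.get(secret);
            return participant == null ? null : participant.getDerivedKey();
        }
        return secret.deriveKey(DERIVED_KEY_SIZE, salt);
    }

    /** Writes the keyed Blake2b MAC of a message hash into {@code out} at {@code offset}. */
    private static void computeMac(byte[] key, byte[] messageHash, byte[] out, int offset) {
        Blake2bDigest mac = new Blake2bDigest(key);
        mac.update(messageHash, 0, messageHash.length);
        mac.doFinal(out, offset);
    }

    /** Recomputes the MAC under {@code key} and compares it with {@code expected}. */
    private static boolean macMatches(byte[] key, byte[] messageHash, byte[] expected) {
        byte[] computed = new byte[MAC_SIZE];
        computeMac(key, messageHash, computed, 0);
        // Constant-time comparison: Arrays.equals returns at the first differing byte,
        // which can leak how much of a forged MAC was correct.
        return java.security.MessageDigest.isEqual(computed, expected);
    }

    /** Verifies the MAC of a shared-secret token. */
    private boolean verifyMac(byte[] message, SharedSecret secret, byte[] authData) {
        if (authData.length != ID_SIZE + SALT_SIZE + MAC_SIZE) {
            return false;
        }
        byte[] salt = Arrays.copyOfRange(authData, ID_SIZE, ID_SIZE + SALT_SIZE);
        byte[] receivedMac = Arrays.copyOfRange(authData, ID_SIZE + SALT_SIZE, authData.length);
        byte[] messageHash = getMessageHash(message, salt);

        byte[] key = macKey(secret, salt);
        if (key == null) {
            return false;
        }
        if (macMatches(key, messageHash, receivedMac)) {
            return true;
        }
        if (this.remotepwpake != null && secret == this.remotepwpake.getFirstEntity()) {
            // The old code fetched this key, discarded it and re-ran the MAC under the first
            // key, so the fallback could never succeed. It now uses the key it fetched.
            byte[] remoteKey = this.remotepwpake.getSecondEntity().getDerivedKey();
            return remoteKey != null && macMatches(remoteKey, messageHash, receivedMac);
        }
        return false;
    }

    /** Verifies the signature of an X.509 token against the certificate chain read from the secret. */
    @SuppressWarnings({"rawtypes", "unchecked"})
    private static boolean verifySignature(byte[] message, AbstractX509PemSecret secret, X509AuthToken token,
            byte[] authData) throws Exception {
        byte[] salt = Arrays.copyOfRange(authData, ID_SIZE, ID_SIZE + SALT_SIZE);
        byte[] signature = Arrays.copyOfRange(authData, ID_SIZE + SALT_SIZE, authData.length);
        byte[] messageHash = getMessageHash(message, salt);

        InputStream chainStream = null;
        try {
            chainStream = secret.openCertificate();
            String chainPem = new String(SUtil.readStream(chainStream), SUtil.UTF8);
            // Raw LinkedHashSet kept from the original call; the element type is not visible here.
            return SSecurity.verifyWithPEM(messageHash, signature, token.getCertificate(),
                    new LinkedHashSet(SSecurity.readCertificateChainFromPEM(chainPem)));
        } finally {
            // This stream was never closed before.
            SUtil.close(chainStream);
        }
    }
}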
